Secure network user states

ABSTRACT

A server and a computer are connected to a network. User data may be used to establish a state between a server and a user operating the computer. Secure network user states includes creating a first key from a received user key; encrypting user data with the cryptographic key; storing the encrypted user data in a cookie; and sending the cookie to the computer; such that subsequently, a secure state between the server and the user is established by receiving the cookie and the user key from the computer; creating a second key that matches the first key; decrypting, using the second key, encrypted user data extracted from the cookie; and establishing the secure state based on the decrypted user data. A key is created in any repeatable manner, which mathematically must include at least one insertion or deletion. Optionally, user data may be seeded to heighten security of the state.

CONTINUING DATA

This is a CONTINUATION of, and incorporates by reference in itsentirety, U.S. application Ser. No. 09/545,009, entitled SECURE INTERNETUSER STATE CREATION METHOD AND SYSTEM WITH USER SUPPLIED KEY AND SEEDINGand filed on Apr. 7, 2000 now U.S. Pat. No. 6,601,170 by Wallace, whichin turn is a CONTINUATION of, and incorporates in its entirety, U.S.application Ser. No. 09/475,638 entitled METHOD AND SYSTEM FOR CREATINGSECURE INTERNET USER STATES, filed on Dec. 30, 1999 now abandoned byWallace et. al. Further, this disclosure is related to, and incorporatesin by reference in their entireties, U.S. application Ser. Nos.09/491,225 entitled KEY-BASED METHOD AND SYSTEM FOR CREATING SECUREINTERNET USER STATES, and Ser. No. 09/491,059 entitled KEY-BASED METHODAND SYSTEM WITH KEY INDEX FOR CREATING SECURE INTERNET USER STATES,both, filed on Jan. 25, 2000 by Wallace et. al, and now abandoned; andU.S. application Ser. No. 10/003,736 entitled KEY-BASED SECURE NETWORKUSER STATES filed on Oct. 31, 2001 by Wallace et al.

FIELD OF INVENTION

The present invention relates to secure network user states.

BACKGROUND OF THE INVENTION

Computer networks, such as the Internet, are well known in the art, andmay be based on the HTTP protocol. Because HTTP is a stateless, ornon-persistent, protocol, it is not possible for such servers todifferentiate between visits by a specific user unless the server cansomehow mark the user to create a state or logical nexus between theserver and the user. Thus, each visit by an Internet user to a websiteis unique, in that the website does not generally know the identity ofthe user and/or other information about the user, with the exception ofa few details such as browser type, IP address, etc. It should be noted,however, that when a user has a fixed IP address, the user's identity orinformation about the user may be known by logical relation to adatabase. But, since the majority of Internet users are assigned dynamicIP addresses each time they connect to the Internet, reliance on auser's IP address to create a state is problematic since their IPaddresses may change each time a user connects to the Internet.

To remedy the problem of HTTP's stateless nature, cookies have beenintroduced for the specific purpose of creating states. They may betemporary, in which case they are stored only in memory; or persistent,in which case they are stored in a file, typically on a hard drive, forperiod of time measured by an expiration date field of a cookie. Acookie may be thought of as a data structure stored in the memory or onthe storage device of a user's computer, with the cookie containingdata, such as the user's identity and/or other information about theuser for the purpose of creating a state between the web server and theuser. Thus, when a user visits a particular website, a cookie stored ona user's computer may be sent from the user's computer over the Internetto the web server, which then extracts the data from the cookie,processes the data and therewith creates a state. For example, a user'sname may be stored in a cookie and when that user visits a particularwebsite, the data contained in the cookie may be sent to the server andused to identify the user.

More specifically and typically, when a user first visits an Internetwebsite, a web server associated with the website may send a cookie tothe user, which is then stored in the memory or on the hard drive of auser's computer, in conjunction with the user's Internet browsersoftware. When the user subsequently visits the website, the cookie maybe sent back to the server so that the user's identity and/or otherinformation about the user that is stored in the cookie may be known tothe server via the data contained in the cookie, such that a statebetween the user and the web server is created.

However, the use of cookies has created a significant problem relatingto user privacy. Because these cookies are stored on a user's computer,especially when on a hard drive, other servers may potentially accessthe cookies of other servers and extract and read the user's identityand/or other information about the user that is stored in those cookies.Such extracting and reading is considered by many as an invasion of theuser's privacy.

An attempted solution to protect the privacy of Internet users isprovided in RFC 2109, HTTP STATE MANAGEMENT MECHANISM, having apublication date of February, 1997. This solution involves a domainrestriction on reading and writing cookies, which must be implemented inconjunction with a user's particular browser software for effectuation.For example, a web server associated with the domain thissite.com maywrite a cookie having the domain value .thissite.com. According to thedomain restriction, this cookie may only be read by a server within thespecified domain and related sub-domains. For example, while the serversat thissite.com, L1.thissite.com, L2.L1.thissite.com, etc. may read thecookie having the domain value .thissite.com, the servers othersite.com,L1.othersite.com, L2.L1.othersite.com may not read the cookie having thedomain value .thissite.com. While this methodology appears adequate onits face, practically it is not. It suffers from at least fourdeficiencies.

A first problem is that this methodology requires software vendorsproducing browser software to implement this domain restriction. Whilemainstream vendors may attempt to comply, other smaller vendors may not.Thus, failed compliance may create a hole through which a user's privacymay be invaded via the unauthorized access of cookies despite theexistence of a domain restriction.

A second problem is that despite attempted compliance, one or more bugsor exploits in the browser software may exist and be exploited; thus,also creating a hole through which a user's privacy may be invaded. Forexample, as identified in the article, COOKIE EXPLOIT, published byCOOKIE CENTRAL on Dec. 14, 1998, such a bug did exist and a hole waspotentially created and exploited. The bug allowed cookies to be sharedbetween unrelated domains, despite the domain restriction implemented bysome if not all cookie-based Internet browser applications. Basically,by concatenating an ellipsis (“. . . ”) at the end of the domain valueset in a cookie, other unrelated servers were able to read thosecookies. Such a domain value may be “.thissite.com . . . ” According tothis article, at the time of publication all mainstream Internet browserapplications were vulnerable to this exploit. Indeed, the article goeson to assert that the most popular Internet browser applications,INTERNET EXPLORER and NETSCAPE, were known to be vulnerable on theWINDOWS, MAC and LINUX platforms. Thus, the domain restriction wasnullified and servers participating in the exploitation of this bug wereable to access cookies from domains outside their own domain, which isexactly what the domain restriction of RFC 2109 was intended to prevent.Thus, the privacy of Internet users benefiting from the use of cookieswas unequivocally subject to invasion.

A third problem is that the cookies stored on a user's hard drive may beviewed by a person who is physically using the user's computer. Thelocation and naming of cookie files stored on a user's hard drive aregenerally known or discoverable by those skilled in the art. Forexample, it is well known in the art that the browser softwareapplication NETSCAPE™ that is developed and distributed by NETSCAPECOMMUNICATIONS CORPORATION™ generally stores cookies in a user directoryin a single file named “cookie.txt”. One physically using a user'scomputer may open such a file with a simple text editor and directlyview and/or print the data contained in all cookies present, which isclearly an invasion of the user's privacy.

A fourth problem is that under certain conditions servers may directlyread cookie files outside the domain restriction set in the cookies. Itis generally known in the art that where a user's Internet browsersoftware is configured to enable JAVA script, specific files having aknown name (such as, “cookies.txt”) may be directly accessed, read andtransmitted to some location over the Internet by a “virus” embeddedwithin such JAVA script. Additionally, a devious program may alsocontain such a virus that can do the same. Many Internet users downloadand run executable programs from the Internet knowingly and unknowinglyrisking the infection of a virus; and therefore, this risk is presentand real. The location of cookie files are generally known ordiscoverable to those ordinarily skilled in the art. Indeed, such avirus may execute a “directory” command to obtain the names of files anddirectories on a hard drive; for example, a directory listing of filesand directories in the “c:\windows\Temporary Internet Files” directoryor “c:\Program Files\Netscape\Users” directory. The former may producecookie files produced by INTERNET EXPLORER; while the latter may producethe names of the directories of users of NETSCAPE (i.e., John), whichmay be used to access the NETSCAPE cookie file, which in this case wouldbe “c:\Program Files\Netscape\Users\John\cookies.txt”. Indeed, thesurreptitious harvesting of cookies files is available to those seekingit; and the privacy of Internet users are subject to invasion.

Another attempted solution is practiced by some industry participants.This attempted solution involves storing in persistent cookies a primarykey (or database index) to a database containing data records of userinformation, rather than storing the private data in the persistentcookies. Thus, the unauthorized viewing or reading of a primary key doesnot appear to be an invasion of privacy. While some, including thepublic, may consider such a practice as sufficient in protecting userprivacy from invasion, practically it is insufficient and provides afalse sense of security.

By definition, primary keys are unique within a defined universe. Thus,within a defined universe of Internet users, a single primary keyuniquely identifies one or more database records that relate to aspecific user. Where the contents of a database are known or obtained bya party (i.e., possessed, or hacked into and harvested), an Internetuser, within the defined universe, visiting a website associated withthat party risks an invasion of privacy. If the user has a primary keystored in a persistent cookie on the user's hard drive, access to thatcookie may allow information relating to the user in the database to bereferenced and used by the party to establish an undesired state betweenthe website and the user. In addition, other information about the userthat may be harvested during the visit from other cookies stored on theuser's hard drive may be combined with the user's data in the database.For example, the database may only contain the user's name, address andphone number. But data harvested from the user's other cookies mayreveal that the user had visited a website associated with herbaltreatments for those with HIV, a website associated with HIV treatmentcenters in the user's town and a website associated with HIV research.By combining this health-related data with the database data, the name,address and phone number of a person who appears to have HIV is nowknown. Where the person does in fact have HIV and sought to keep his orher ailment private, this combined information results in the person'sprivacy being clearly invaded.

Therefore, there is a need for secure network user states.

SUMMARY OF THE INVENTION

An object of the present invention is to provide secure network userstates.

Another object of the present invention is to provide secure networkuser states that assist in protecting user privacy.

The environment of the present invention includes at least one serverand at least one computer communicatively connected together via anHTTP-based network, where user data is used to establish a state betweena server and a user operating a computer.

In an exemplary aspect of the invention, a method of establishing by aserver a secure state between the server and a user operating acomputer, includes receiving, from the computer, a user key; creating,from the user key, a first key; encrypting, using the first key, userdata; storing the encrypted user data in a cookie; naming the cookie bystoring name data in the cookie; and sending the cookie to the computer;such that subsequently, a secure state between the server and the useris established by receiving the cookie and the user key from thecomputer; creating a second key that matches the first key; decrypting,using the second key, the encrypted user data extracted from the cookie;and establishing the secure state based on the decrypted user data.

In another exemplary aspect of the invention, a method of establishingby the server a secure state between the server and a user operating thecomputer, includes receiving, from the computer, a user key and a cookiehaving stored therein encrypted user data that may be seeded accordingto a format; creating, from the user key, a cryptographic key;decrypting, using the cryptographic key, the encrypted user data; andestablishing the secure state between the server and the user based onthe decrypted user data.

In yet another exemplary aspect of the invention, a key is created inany repeatable manner, which mathematically must include either at leastone insertion or at least one deletion as defined herein.

In a further exemplary aspect of the invention, optionally, user datamay be seeded according to a format before it is encrypted, such thatsubsequent decryption of encrypted user data will reveal whether theuser data was initially seeded according to the format, which furtherheightens the secure nature of secure network user states.

In yet a further exemplary aspect of the invention, a computer readablemedium includes instructions for establishing a secure state between theserver and a user operating the computer, by causing the server toperform a method as disclosed herein.

Other features and advantages of the present invention will be apparentfrom the accompanying drawings and the detailed description thatfollows.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and notlimitation in the figures of the accompanying drawings in which likereferences indicate similar elements and in which:

FIG. 1 shows the general environment of the present invention, in whichone or more servers are connected to one or more remote computers viathe Internet or other HTTP-based network.

FIG. 2 a shows the sending of private data by a remote computer over theInternet to a server according to the present invention.

FIG. 2 b shows a form containing data fields including a field forinputting of a user key.

FIG. 2 c shows a form containing a field for inputting of a user key.

FIG. 3 shows the inputting of private data and an encryption key into anencryption function to produce encrypted private data.

FIG. 4 a shows in a preferred embodiment a user key prior to a series ofreplacement steps.

FIG. 4 b shows a user key after a first replacement step.

FIG. 4 c shows a user key after a second replacement step.

FIG. 5 a shows a user key prior to a series of insertion steps.

FIG. 5 b shows a user key after a first insertion step.

FIG. 5 c shows a user key after a second insertion step.

FIG. 6 a shows a user key prior to a series of deletion steps.

FIG. 6 b shows a user key after a first deletion step.

FIG. 6 c shows a user key after a second deletion step.

FIG. 6 d shows a user key after a third deletion step.

FIG. 6 e shows a user key after a fourth deletion step.

FIG. 7 a shows a user key prior to a series of rearrangement steps.

FIG. 7 b shows a user key after a first rearrangement step.

FIG. 7 c shows a user key after a second rearrangement step.

FIG. 8 a shows a seed and private data in a preferred seeding embodimentprior to the combining of the seed with private data.

FIG. 8 b shows a seed and private data in a preferred seeding embodimentafter the seed is combined with private data.

FIG. 9 shows a cookie containing encrypted private data.

FIG. 10 a shows a non-persistent cookie sent over the Internet to aremote computer that stores it in the remote computer's RAM.

FIG. 10 b shows a persistent cookie sent over the Internet to a remotecomputer that stores it on a hard drive.

FIG. 11 a shows a remote computer sending a cookie over the Internet toa first server.

FIG. 11 b shows a remote computer sending a cookie over the Internet toa second server.

FIG. 12 shows the decryption of encrypted private data with a user key.

DETAILED DESCRIPTION

FIG. 1 shows the environment of the present invention, in which one ormore servers 10.1-10.a (for a≧1) are operatively connected via theInternet 20 (or other network) to one or more remote computers 30.1-30.b(for b≧1).

Generally, the present invention is carried out via software executingon one or more servers, software executing on one or more remotecomputers, and user input via one or more input devices operablyconnected to a user's remote computer.

The private data of a user (sometimes “user data”) is herein broadlydefined, and may include the user's IP address, name, mailing address,email address, age, sex, credit card information, login/passwordcombinations, preferences, hobbies, education level, browsing (click)history, browsing history with click frequency, browsing preferences,assigned primary keys, assigned GUIDs, etc. In essence, private datarelating to a user includes any information that may in and of itself bepersonal and private, as well as information that may be personal andprivate when combined with other data relating to the user. Thus, anydata particular to a user may be considered private data.

According to the present invention, a remote computer, associated withan Internet user, comprises an operable Internet connection, Internetsoftware, one or more computer memories for readably storing saidInternet software, one or more input devices and a CPU for executingsaid Internet software, wherein said computer Internet connection, eachof said one or more computer memories, each of said one or more inputdevices and said computer CPU are operatively connected to each other byat least one bus. Preferably, a remote computer has at least twocomputer memories: RAM and a hard drive; and at least two input devices:a pointing device and a keyboard.

According to the present invention, a server comprises an operableInternet connection, one or more server memories for readably storingserver software and cryptography software, and a CPU for executing saidserver software and said cryptography software, wherein said server CPU,each of said server memories and said server Internet connection areoperatively connected to each other by at least one bus. Preferably, aserver has at least two server memories: RAM and a hard drive. However,since software may be stored solely in RAM, the required software may beloaded into RAM from a removable storage device (e.g., hard drive) orstorage medium (e.g., diskette or data cartridge), with the device ormedium subsequently being removed.

The server software and cryptography software executing on a server maybe implemented with any compatible programming language and/or scriptthat functionally effectuates the present invention as claimed.

The cryptography software according to the present invention may performencryption and/or decryption. Generally, the cryptography softwareperforms both encryption and decryption; however, where a first serveronly encrypts data and other related servers decrypt data, cryptographysoftware need not perform both. The cryptography software may utilizeany key-based encryption algorithm, or combination of algorithms inwhole or in part, known in, taught by or obvious in light of the priorart that effectuates the present invention as claimed. However, it isessential that the overall functionality of the encryption algorithmused is one-to-one, in that the initial data results from decryption ofan encrypted format of the initial data. An illustrative set of exampleprior art encryption algorithms and techniques from which one may drawone or more, in whole or in part, in effectuating the present inventionare RSA; DSA; Diffie-Hellman; Public-Key Cryptography; PGP; SignatureAlgorithms; DES; triple-DES; IDEA; TDEA; Blowfish; Twofish; Yarrow;Square; TEA; CAST-128; RC4; Safer SK-128; Block Ciphers, includingTWOFISH; Stream Ciphers; MD2, MD4, MD5 and other techniques based on theSecure Hash Standard (SHS) or Secure Hash Algorithm (SHA-1); DigitalTimestamps Supporting Digital Signatures; Secret Sharing Schemes,including Blakley's Secret Sharing Scheme, Shamir's Secret SharingScheme and Visual Secret Sharing Schemes; Interactive Proofs;Zero-Knowledge Proofs; Message Authentication Codes; Quantumcryptography; and known or apparent variations and combinations thereof.

In a preferred embodiment, PUKALL's 128-bit stream cipher algorithm isused in effectuating the present invention, as it is known to executewith relatively great speed with small text-based data; was convenientlypublished by ALEXANDER PUKALL in 1991 (seehttp://www.multimania.com/cuisinons/pc1/index.html); and by its expressterms, may be used freely even for commercial applications. Use of thisalgorithm is highly suggested because of its fast processing speed, highencryption strength (128-bit keys) and minimal cost (free).

According to the present invention, associated with each user is anencryption key, which is used to encrypt private data relating to theuser. An encryption key may be any number of bits consistent with theparticular encryption algorithm used. However, it is important to notethat the larger the key size, the stronger the encryption. The mostcommon sizes of encryption keys are evenly divisible by eight (e.g., 40bit, 56 bit, 64 bit, 80 bit, 128 bit, 160 bit, 256 bit, 512bit, 1024bit, etc.); however other sizes may be used to the extent desirable andconsistent with the particular encryption algorithm used. In a preferredembodiment, 128 bit encryption keys are used. As described below, anencryption key is created by a server from a user key; therefore, anencryption key need not be, and preferably is not, archived in anycomputer storage device to help prevent theft thereof.

User Key

According to the present invention, associated with each user is a userkey. A user key is a value having one or more bits in length.Preferably, a user key has a number of bits evenly divisible by eight;and conveniently, ASCII characters, which represent eight bits of data,may be used. In a preferred embodiment, a user key is between 48 and 256bits in length (i.e., between 6 and 32 ASCII characters).

A user key may be archived in a memory or storage device of a server (orrelated server) or a user computer. Preferably, however, a user key iseither memorized or otherwise recorded in a non-computer-based fashionby the user for later reference (e.g., writing it down on a piece ofpaper); and specifically, not archived in any computer memory or on anycomputer storage device.

According to the present invention, a user key may be generated by aserver or selected by a user. Preferably, a user key is selected by auser, which may make the user key easier to remember by its associateduser.

Where a user key is generated by a server, the server may either selectthe user key from a predefined set of possible user keys; or randomlygenerate the user key in any known or obvious way consistent with thepresent invention. The server may then send the user key to the userover the network so that the user may memorize or otherwise record theuser key for later reference. Preferably, a server sends a generated keyto a user over a secure connection, such as SSL.

Where a user key is selected by a user, the user may input one or morebits of data in any known or apparent way. Preferably, a user may inputone or more ASCII characters via an input device in any known or obviousway, such as by typing or selecting one or more characters with akeyboard or clicking one or more grid fields of a grid representingASCII characters (all ASCII character) with a pointing device (e.g., amouse, trackball, touch pad, etc.). In a preferred embodiment, a user issent form data by a server over the network that presents the user witha form containing a data field for input of one or more bits orcharacters, the form being displayed on the user's display device viabrowser software; and upon submission of the form, the bits orcharacters being posted to a CGI program or script or similar program orscript located on the server via transmission back over the Internet tothe server. Preferably, a user sends a user key to a server over asecure connection, such as SSL.

As shown in FIG. 2 b, a user key field 73 may be displayed on a user'sdisplay device 70 for a user to enter a user key. Further, a submitbutton 74 may be provided for submission of the form.

Encryption Key

According to the present invention, a server may create an encryptionkey having e bits (e≧1) from a user key having u bits (u≧1) in anyparticular way that is repeatable, in that the same encryption key willbe re-created by the server or related server each time given the sameuser key. According to the present invention, an encryption key may becreated from a user key by inserting one or more bits into the user key,deleting one or more bits from the user key, replacing one or more bitsof the user key with one or more bits, and/or rearranging one or morebits of the user key. It should be noted that any combination ofinsertions, deletions, replacements and rearrangements may be employedto the extent an encryption key of size e is created and the combinationis repeatable.

In a preferred embodiment, the following program logic may be used tocreate an encryption key having e bits (e≧1) from a user key having ubits (u≧1):

-   If u=e, then replace at least one bit of the user key with its    converse, resulting in u=e.-   If u<e, then replace at least one bit of the user key with its    converse, and then insert one or more bits into the user key until    u=e.-   If u>e, then delete one or more bits from the user key until u=e,    and then replace at least one bit of the key with its converse,    which results in u=e.-   Optionally, rearrange two or more bits of a user key.

In a broad sense, creation according to the present invention may beeffectuated solely through one or more insertions and/or one or moredeletions. For example, the rearrangement and replacement of bits arecombinations of at least one insertion and at least one deletion.

Thus, according to the present invention, insertion, deletion,replacement and rearrangement may be employed to the extent desired andregardless of the size relationship between u and e, and may be employedindependently or in combination; as long as ultimately, u=e and thecreation process may be repeated.

The following examples are illustrative of creating an encryption keyhaving e bits (e≧1) from a user key having u bits (u≧1):

Replacement

According to the present invention, in a replacement step, i bits(1≦i≦u) of a user key starting from a position k (1≦k≦[u−i+1]) may bereplaced with j bits (j≧1, j ≠i) or i bits; preferably, with i bits. Forexample, replacing 2 bits (i=2) from a user key “011001” (u=6) startingfrom position 2 (k=2) with the bits “00” results in the user key“000001”.

The value i may be based on a fixed value (e.g., replacing 1 bit at atime, 2 bits at a time, 3 bits at a time, etc.) or a variable value. Avariable value may be generated from a formula integrated within programcode (e.g., after each replacement, with i=1 initially, i=i+1, i=i+3,i=((i*13) MOD 8)+1, etc.). Alternatively, a variable value may be basedon selecting from a set of predetermined values (e.g.,i_set≡{1,2,1,3,1,2,3,1, . . . }≡1 bit replaced, then 2 bits replaced,then 1 bit replaced, then 3 bits replaced, etc.) in any order that isrepeatable or capable of repetition (e.g., sequential, reverse order,every other value, etc.).

In a preferred embodiment, i is based on the fixed value 8. Thus,replacing is preferably performed 8 bits at a time.

Position k may be based on a fixed value (e.g., always inserting atposition k=1, k=2, . . . k=u+1) or a variable value. A variable valuemay be generated from a formula integrated within program code (e.g.,after each replacement step, with k=1 initially; k=k+1, k=k+2, k=k+3,k=([k* 13]MOD [u+1])+1), etc.). Alternatively, a variable value may beselected from a set of a plurality of predetermined values (e.g.,k_set≡{1,2,1,3,1,2,3,1}≡in a first replacement step, i bits are replacedstarting from position 1; in a second replacement step, i bits arereplaced starting from position 2; in a third replacement step, i bitsare replaced starting from position 1, etc.) in any sequence capable ofrepetition. Where a value k exceeds u−i+1, k may be reduced in valuesuch that 1≦k≦[u−i+1]; for example, k=(k MOD [u−i+1])+1.

In a preferred embodiment, k is based on a variable value that isgenerated within program code. Specifically, the formula k=n*i+1 may beemployed within a program loop, with n=0 initially and n=n+1 after eachreplacement.

The value of a bit or bits with which to replace during a replacementstep may be based on a fixed value (e.g., always replacing with 0's;always replacing with 1's; if replacing 1 bit, replace with “0”; ifreplacing 2 bits, replace with “10”; if replacing 3 bits, replace with“111”; etc.). Alternatively, the value of a bit or bits with which toreplace may be based on a variable value. A variable value may be basedon a formula integrated within program code (e.g., after a replacement,incrementing the value of a bit or bits to be inserted by 1, with rollover); or based on selecting a value from a set of a plurality ofpredetermined values (e.g., v_set≡{1,1,0,0,0,1,0, . . . }≡in a firstreplacement step, if replacing 1 bit, replace with “1”; in a secondreplacement step, if replacing two bits, replace with “10”; in a thirdreplacement step, if replacing 3 bits, replace with “001”; etc.) in anysequence capable of repetition. Where all the values contained in a sethave been selected, selection may be restarted from the first valueselected.

In a preferred embodiment, the values of bits with which to replace arebased on selecting variable values from a set of a plurality of ASCIIcharacters (e.g., v_set 300≡“FootBall”) in any order capable ofrepetition. Preferably, values from v_set are selected starting from aposition m, where m is based on a variable value selected from a set ofa plurality of predetermined values, with a predetermined value m=n*i+1for integers n≧0, in sequential order, with the order restarting fromthe first value after the last value is selected. For example, such aset may be m_set≡{17,33,9,25,41,9,1,41,1,33}. It should be noted thatwhere a value m would require a selection of bits from v_set beyond themaximum bit position in v_set, m may be first reduced in value (e.g.,m=m−16) or selection may wrap-around to the first bit position in v_set.

FIG. 4 a illustrates a preferred replacement embodiment according to thepresent invention, in which a user key 100 may be “Goose Gossage123”having a size of 128 bits; a v_set 300 of a plurality of predeterminedvalues may be “FootBall”; an m_set 500 of a plurality of predeterminedvalues may be {17,33,9,25,41,9,1,41,1,33}; i having a fixed value of 8;and k having a variable value of k=n*i+1, with n=0 initially and n=n+1after each replacement.

As shown in FIG. 4 b, in a first replacement step, n=0 initially, and ihas a fixed value of 8. Next, a value of k is determined according tok=n*i+1, which is the value 1. Accordingly, 8 bits (i=8) may be deletedfrom user key 100 starting from position 1 (“G” is to be replaced), andreplaced with a value from v_set 300. The first available value fromm_set 500 is selected, which is the value 17. Accordingly, 8 bits (i=8)starting from position 17 of v_set may be selected (bits 17 through 24),which is the value “o”. Thus, the value “G” of user key 100 may bereplaced with the value “o”, resulting in user key 100 having the value“ooose Gossage123”. The value of n may be incremented by 1 (i.e.,n=0+1=1).

As shown in FIG. 4 c, in a second replacement step with n=1, i still hasa fixed value of 8. Next, a value of k is determined according tok=n*i+1, which is the value 9. Accordingly, 8 bits (i=8) may be deletedfrom user key 100 starting from position 9 (“o” is to be replaced), andreplaced with a value from v_set 300. The next available value fromm_set 500 is selected, which is the value 33. Accordingly, 8 bits (i=8)starting from position 33 of v_set may be selected (bits 33 through 40),which is the value “B”. Thus, the value “o” of user key 100 may bereplaced with the value “B”, resulting in user key 100 having the value“oBose Gossage123”. The value of n may be incremented by 1(i.e.,n=1+1=2).

Preferably, replacement continues for 14 more iterations ([128÷i]iterations in toto). As can be seen, replacing i bits of a user key withi bits from another source does not change the value of u or e.

It should be noted that in any replacement step, any set of a pluralityof predetermined values may be based on one or more values contained ina user key; however, it is preferable to use values not based on a userkey.

Insertion

According to the present invention, during an insertion step, one ormore bits may be inserted into a user key at a position k (1≦k≦e). In apreferred embodiment, in an insertion step, i bits (i≧1) may be insertedinto a user key at position k (1≦k≦[u+1]), with the bits beforeinsertion at positions k through u, being shifted i places to the rightafter insertion, and u being increased by the value i. For example,inserting the bits “01” (i=2) into a user key “011001” (u=6) at position3 (k=3) results in the user key “01011001” with u=u+2.

The value i may be based on a variable value (see below) or a fixedvalue (e.g., inserting 1 bit at a time, 2 bits at a time, . . . , 8 bitsat a time). A variable value may be generated from a formula integratedwithin program code (e.g., after each insertion, with i=1 initially,i=i+1, i=i+3, i=((i*13) MOD 7)+1, etc.). Alternatively, and preferably,a variable number may be selected from a set containing a plurality ofpredetermined values (e.g., i_set≡{1,2,1,3,1,2,3,1, . . . }≡in a firstinsertion, insert 1 bit; in a second insertion, insert 2 bits; in athird insertion, insert 1 bit; in a fourth insertion, insert 3 bits;etc.) in any sequence capable of repetition (e.g., sequential, reverseorder, every other value, every 3 values, etc.). The insertion of anumber of bits that would result in u>e should be avoided, as anadditional step of removing at least one bit from the user key would berequired, although it is contemplated that such an insertion would befunctionally compatible with the present invention and is clearly withinthe scope of the present invention. Thus, for example, where aninsertion of i bits would result in u>e, i may be first reduced in valueby the excess number of bits to be inserted (i.e., i=i −(i+u−e)) toavoid one or more additional steps of removing bits from a user key.

In a preferred embodiment, i is based on a variable value selected froma set containing a plurality of predetermined values, with apredetermined value=n*8, for integers n>1 (e.g.,i_set≡{8,16,8,32,24,8,8,32}≡ in a first insertion, insert 8 bits; in asecond insertion, insert 16 bits; in a third insertion, insert 8 bits;in a fourth insertion, insert 32 bits; etc.) in sequential order, withthe order restarting from the first value after the last value isselected.

Position k may be based on a fixed value (e.g., always inserting atposition k=1, k=2, . . . k=u+1) or a variable value. A variable valuemay be generated from a formula integrated within program code (e.g.,after each insertion, with k=1 initially; k=k+1, k=k+3, k=([k*13]MOD[u+1])+1), etc.). Alternatively, and preferably, a variable value may beselected from a set of a plurality of predetermined values (e.g.,k_set≡{1,2,1,3,1,2,3,1}≡i bits are inserted at position 1 in a firstinsertion step, then i bits are inserted at position 2 in a secondinsertion step, then i bits are inserted into position 1 in a thirdinsertion step, etc.) in any sequence capable of repetition. Where avalue k exceeds [u+1], k may be reduced in value such that 1≧k≧[u+1];for example, k=(k MOD [u+1])+1.

In a preferred embodiment, k is based on a variable value selected froma set of a plurality of predetermined values, with a predeterminedvalue=n* 8+1 for integers n≧0, in sequential order, with the orderrestarting from the first value after the last value is selected. Forexample, such a set may be k_set≡{1,41,9,41,17,9,1,25,33,9}, which mayresult in individual insertions at positions 1, 41, 9, 41, etc. Where aselected value k is greater than u+1, k may be reduced by 8 until k=u+1.

The value of a bit or bits to be inserted during an insertion step maybe based on a fixed value (e.g., always insert 0's; always insert 1's;if inserting 1 bit, insert “0”; if inserting 2 bits, insert “10”; ifinserting 3 bits, insert “111”; etc.). Alternatively, the value of a bitor bits to be inserted may be based on a variable value. A variablevalue may be based on a formula integrated within program code (e.g.,after an insertion, incrementing the value of a bit or bits to beinserted by 1, with roll over); or based on selecting a value from a setof a plurality of predetermined values (e.g., v_set≡{1,1,0,0,0,1,0, . .. }≡in a first insertion step, if inserting 1 bit, insert “1”; in asecond insertion step, if inserting two bits, insert “10”; in a thirdinsertion step, if inserting 3 bits, insert “001”; etc.) in any sequencecapable of repetition. It should be noted that the set of a plurality ofpredetermined values may be based on one or more values contained in auser key; however, it is preferable that such values are not based onthe user key.

In a preferred embodiment, the values of bits to be inserted are basedon selecting a value from a set of a plurality of ASCII characters insequential order, with the order restarting from the first value afterthe last value is selected. As noted above, in a preferred embodimentinserting bits into a user key, i is based on a variable value selectedfrom a set containing a plurality of predetermined values, with apredetermined value=n* 8+1, for integers n≧0; and k is based on avariable value selected from a set of a plurality of predeterminedvalues, with each predetermined value=n* 8+1, for integers n.

Thus, FIG. 5 a, shows a preferred embodiment of the present inventionprior to an insertion of one or more bits into a user key 100 having ubits to create an encryption key having e bits, in which a user key 100may be “Goose Gossage” such that u=104; an i_set 200 of a plurality ofpredetermined values may be “8,16,8,32,24,8,8,32”; a v_set 300 of aplurality of predetermined values may be “FootBall”; and a k_set 400 ofa plurality of predetermined values may be “1,41,9,41,17,9,1,25,33,9”.

As shown in FIG. 5 b, in a first insertion, i is selected from the firstavailable value contained in i_set 200, which is the value “8”.Accordingly, 8 bits are selected starting from the first available valuein v_set 300, which is the ASCII character “F”. Next, the firstavailable value from k_set 400 is selected, which is the value “1”.Accordingly, the 8 bit character “F” is inserted into position 1 of userkey 100, resulting in the value “FGoose Gossage” and u=112.

As shown in FIG. 5 c, in a second insertion, i is selected from the nextavailable value contained in i_set 200, which is the value “16”.Accordingly, 16 bits are selected from the next available value in v_set300, which are the ASCII characters “oo”. Next, the next available valuefrom k_set 400 is selected, which is the value “41”. Accordingly, thecharacters “oo” are inserted into position 41 of user key 100, resultingin the value “FGoosooe Gossage” such that u=128. Since after a secondinsertion u=e, the creation may stop.

Deletion

According to the present invention, during a deletion step, one or morebits may be deleted from a user key starting from a position k (1≦k≦u).In a preferred embodiment, in a deletion step, i bits (1≦i≦u) may bedeleted from a user key at position k (1≦k≦[u−i+1]), with the bits afterdeletion at positions k+i through u, being shifted i places to the left,and u being decreased by the value i. For example, deleting 2 bits (i=2)from a user key “011001” (u=6) starting from position 2 (k=2) may resultin the user key “0001” with u=u−2.

The value i may be based on a variable value (see below) or a fixedvalue (e.g., deleting 1 bit at a time, 2 bits at a time, . . . , 8 bitsat a time, u−e bits ). A variable value may be generated from a formulaintegrated within program code (e.g., after each deletion, with i=1initially, i=i+1, i=i+3, i=((i*13) MOD 7), etc.). Alternatively, andpreferably, a variable number may be selected from a set containing aplurality of predetermined values (e.g., i_set≡{1,2,1,3,1,2,3,1, . . .}≡in a first deletion, delete 1 bit; in a second deletion, delete 2bits; in a third deletion, delete 1 bit; in a fourth deletion, delete 3bits; etc.) in any sequence capable of repetition (e.g., sequential,reverse order, every other value, every 3 values, etc.). The deletion ofa number of bits that would result in u<e should be avoided, as anadditional step of inserting at least one bit to the user key would berequired, however it is contemplated that such a deletion isfunctionally compatible with the present invention and within the scopeof the invention. Thus, for example, where a deletion of i bits wouldresult in u<e, i may be first reduced in value by the excess number ofbits; i.e., i=i −(e−[u−i]) to avoid one or more additional steps ofinserting bits into a user key.

In a preferred embodiment, i is based on a variable value selected froma set containing a plurality of predetermined values, with apredetermined value=n*8, for integers n≧1 (e.g.,i_Set≡{8,16,8,32,24,8,8,32}≡in a first deletion, delete 8 bits; in asecond deletion, delete 16 bits; in a third deletion, delete 8 bits; ina fourth deletion, delete 32 bits; etc.) in sequential order, with theselection restarting from the first value after the last value isselected.

Position k may be based on a fixed value (e.g., always deleting fromposition k=1, k=2, . . . , k=u−i+1) or a variable value. A variablevalue may be generated from a formula integrated within program code(e.g., after each deletion step, with k=1 initially; k=k+1, k=k+2;k=k+3, k=([k*13]MOD [u+1])+1), etc.). Alternatively, and preferably, avariable value may be selected from a set of a plurality ofpredetermined values (e.g., k_set≡{1,2,1,3,1,2,3,1}≡i bits are deletedstarting from position 1 in a first deletion step, then i bits aredeleted starting from position 2 in a second deletion step, then i bitsare deleted starting from position 1 in a third deletion step, etc.) inany sequence capable of repetition. Where a value k exceeds [u−i+1], kmay be reduced in value such that 1≧k≧[u−i+1] (e.g., k=(k MOD[u−i+1])+1).

In a preferred embodiment, k is based on a variable value selected froma set of a plurality of predetermined values, with a predeterminedvalue=n*8+1 for integers n≧0, in sequential order, with the orderrestarting from the first value after the last value is selected. Forexample, such a set may be k_set≡{1,41,9,41,17,9,1,25,33,9}, which mayresult in individual deletions starting from positions 1, 41, 9, 41,etc.

As noted above, in a preferred embodiment deleting bits from a user key,i is based on a variable value selected from a set containing aplurality of predetermined values, with a predetermined value=n*8, forintegers n≧1; and k is based on a variable value selected from a set ofa plurality of predetermined values, with a predetermined value=n*8+1,for integers n≧0.

FIG. 6 a, shows a preferred embodiment of the present invention prior todeletion of one or more bits from a user key 100 having u bits to createan encryption key having e bits, in which a user key 100 may be “GooseGossage is Here” such that u=168; an i_set 200 of a plurality ofpredetermined values may be “8,16,8,32,24,8,8,32”; and a k_set 400 of aplurality of predetermined values may be “1,41,9,41,17,9,1,25,33,9”.

As shown in FIG. 6 b, in a first deletion step, i is selected from thefirst available value contained in i_set 200, which is the value “8”.Next, the first available value from k_set 400 is selected, which is thevalue “1”. Accordingly, 8 bits are deleted from user key 100 startingfrom the position 1, resulting in the value “oose Gossage is Here” andu=160.

As shown in FIG. 6 c, in a second deletion, i is selected from the nextavailable value contained in i_set 200, which is the value “16”. Next,the next available value from k_set 400 is selected, which is the value“41”. Accordingly, 16 bits are deleted from user key 100 starting fromthe position 41, resulting in the value “oose ssage is Here” such thatu=144.

As shown in FIG. 6 d, in a third deletion, i is selected from the nextavailable value contained in i_set 200, which is the value “8”. Next,the next available value from k_set 400 is selected, which is the value“9”. Accordingly, 8 bits are deleted from user key 100 starting from theposition 9, resulting in the value “ose ssage is Here” such that u=136.

As shown in FIG. 6 e, in a fourth deletion, i is selected from the nextavailable value contained in i_set 200, which is the value “32”. Sincedeleting 32 bits from user key 100 would result in u<e (i.e., 104<128),i is reduced in value by the excess number of bits; via i=i−(e−[u−i]),resulting in i=8. Next, the next available value from k_set 400 isselected, which is the value “41”. Accordingly, 8 bits are deleted fromuser key 100 starting from the position 41, resulting in the value “osesage is Here” such that u=128. Since after a fourth insertion u=e, thecreation may stop.

Rearrangement

As noted above, according to the present invention, one or morerearrangement steps may optionally be employed in creating an encryptionkey from a user key.

According to the present invention, in a rearrangement step, one or morebits of a user key may be deleted from a user key starting from positionk and inserted into the user key starting from position m.

In a preferred embodiment, in a rearrangement step, i bits (1≦i≦u) maybe deleted from a user key starting from position k (1≦k≦[u−i+1]), withthe bits after deletion at positions k+i through u, being shifted iplaces to the left after insertion, and u being decreased by the valuei. For example, deleting 2 bits (i=2) from a user key “011001” (u=6)starting from position 2 (k=2) may result in the user key “0001” withu=u−2. Next, the one or more deleted bits may be inserted into the userkey starting from position m (1≦m≦[u+1]), with the bits before insertionfrom positions k through k+i being shifted i places to the right, and ubeing increased in value by i. For example, inserting 2 bits (i=2) intoa user key “0001” (u=6) starting from position 5 (m=5) may result in theuser key “000111” with u=u+2.

The value i may be based on a variable value (see below) or a fixedvalue (e.g., rearranging 1 bit at a time, 2 bits at a time, . . . , 8bits at a time, u−1 bits ). A variable value may be generated from aformula integrated within program code (e.g., after each rearrangement,with i=1 initially, i=i+1, i=i+3, i=((i*13) MOD 7), etc.).Alternatively, and preferably, a variable number may be selected from aset containing a plurality of predetermined values (e.g.,i_set≡{1,2,1,3,1,2,3,1, . . . }≡in a first rearrangement, switch 1 bitwith 1 bit; in a second rearrangement, switch 2 bits with 2 bits; in athird rearrangement, switch 1 bit with 1 bit; in a fourth rearrangement,switch 3 bits with 3 bits; etc.) in any sequence capable of repetition(e.g., sequential, reverse order, every other value, every 3 values,etc.).

In a preferred embodiment, i is based on a variable value selected froma set containing a plurality of predetermined values, with apredetermined value=n*8, for integers n≧1 (e.g.,i_set≡{8,16,8,32,24,8,8,32}≡in a first replacement, replace 8 bits with8 bits; in a second replacement, replace 16 bits with 16 bits; in athird replacement, replace 8 bits with 8 bits; in a fourth replacement,replace 32 bits with 32 bits; etc.) in sequential order, with theselection restarting from the first value after the last value isselected.

Position k may be based on a fixed value (e.g., always replacing fromposition k=1, k=2, . . . , or k=u−i+1) or a variable value. A variablevalue may be generated from a formula integrated within program code(e.g., after each rearrangement step, with k=1 initially; k=k+1, k=k+2;k=k+3, k=([k*13]MOD [u−i+1])+1), etc.). Alternatively, and preferably, avariable value may be selected from a set of a plurality ofpredetermined values (e.g., k_set≡{1,2,1,3,1,2,3,1}≡in a firstrearrangement step, i bits starting from position 1 are rearranged withi bits starting from position m; in a second rearrangement step, i bitsstarting from position 2 are rearranged with i bits starting fromposition m; in a third rearrangement step, i bits starting from position1 are rearranged with i bits starting from position m; etc.) in anysequence capable of repetition. Where a value k exceeds [u−i+1], k maybe reduced in value such that 1≦k≦[u−i+1] (e.g., k=(k MOD [u−i+1])+1).

In a preferred embodiment, k is based on a variable value selected froma set of a plurality of predetermined values, with a predeterminedvalue=n*8+1 for integers n≧0, in sequential order, with the orderrestarting from the first value after the last value is selected. Forexample, such a set may be k_set≡{1,41,9,41,17,9,1,25,33,9}, which mayresult in individual rearrangement steps starting from positions 1, 41,9, 41, etc.

In a rearrangement step, m may be based on a fixed value or a variablevalue, to the same extent as k. It should be noted that while k and mmay be selected from the same set of a plurality of predeterminedvalues, preferably they are selected from different sets.

A In a preferred embodiment, m is based on a variable value selectedfrom a set of a plurality of predetermined values, with a predeterminedvalue=n*8+1 for integers n≧0, in sequential order, with the orderrestarting from the first value after the last value is selected. Forexample, such a set may be m_set≡{17,33,9,25,41,9,1,41,1,33}, which mayresult in individual rearrangement steps starting from positions 17, 33,9, 25, etc.

As noted above, in a preferred embodiment of rearranging bits in a userkey, i is based on a variable value selected from a set containing aplurality of predetermined values, with a predetermined value=n*8, forintegers n≧1; k is based on a variable value selected from a set of aplurality of predetermined values, with a predetermined value=n*8+1, forintegers n≧0; and m is based on a variable value selected from a set ofa plurality of predetermined values, with a predetermined value=n*8+1,for integers n≧0.

FIG. 7 a shows a preferred embodiment of rearrangement according to thepresent invention prior to rearrangement of one or more bits in a userkey 100; in which a user key 100 may be “Goose Gossage123”, with u=128;an i_set 200 of a plurality of predetermined values may be“8,16,8,32,24,8,8,32”; a k_set 400 of a plurality of predeterminedvalues may be “1,41,9,41,17,9,1,25,33,9”; and an m_set 500 of aplurality of predetermined values may be “17,33,9,25,41,9,1,41,1,33”.

As shown in FIG. 7 b, in a first rearrangement step, i is selected fromthe first available value contained in i_set 200, which is the value“8”. Next, the first available value from k_set 300 is selected, whichis the value “1”. Accordingly, 8 bits may be deleted from user key 100starting from position 1 (“G” is deleted), resulting in user key 100having the value “oose Gossage123” and u=120. Next, the first availablevalue from m_set 500 is selected, which is the value “17”. Accordingly,“G” may be inserted into user key 100 starting from position 17,resulting in user key 100 having the value “ooGse Gossage123” and u=128.

As shown in FIG. 7 c, in a second rearrangement step, i is selected fromthe next available value contained in i_set 200, which is the value“16”. Next, the next available value from k_set 300 is selected, whichis the value “41”. Accordingly, 16 bits may be deleted from user key 100starting from position 41 (“G” is deleted), resulting in user key 100having the value “ooGseossage123” and u=112. Next, the next availablevalue from m_set 500 is selected, which is the value “33”. Accordingly,“G” may be inserted into user key 100 starting from position 33,resulting in user key 100 having the value “ooGs Geossage123” and u=128.

Rearrangement, as shown, may continues for as many iterations asdesired. As noted, rearrangement is optional. As can be seen, replacingi bits of a user key with i bits from another source does not change thevalue of u or e.

Seeding

According to the present invention, seeding may be optionally employed,and when employed, is part of the cryptography software. A seed may becombined with private data prior to encryption according to a particularformat (e.g., intermixed symmetrically or asymmetrically with theprivate data, appended to the head or tail of the private data, etc.).After decryption of encrypted private data that was seeded, the seed maybe extracted and compared to its known value. Where the extracted value(potential seed) deviates from the known seed value, a server may knowthat either the encryption was unsuccessful or the encrypted privatedata was not encrypted by the server.

A seed may be one or more bits. Preferably, a seed is 40 bits in length.

The value of a seed may be predetermined (e.g., “Beer!”) or generatedbased on one or more bits in the private data (e.g., checksum, parity,etc.). Preferably however, a seed has a predetermined value.

FIG. 8 illustrates a preferred seeding technique according to thepresent invention. As shown in FIG. 8, a seed 60 may have the value“Beer!” and private data 50 may have the value “Gossage”. As shown inFIG. 8 b, seed 60 may be concatenated to the head of private data 50resulting in modified private data 50 “Beer!Gossage”. Thus, as seeded,private data 50 may be encrypted. Upon decryption, 40 bits may beextracted from the head of private data 50 and compared to determinewhether it is seed 60.

The present invention is now described in operation:

As shown in FIG. 2 a, a user's computer may contact a server accordingto the present invention by sending a request for data, which containsprivate data 50, via the user's computer 30.j over the Internet 20 to aserver 10.i. After receiving the private data 50, a server 10.i causesthe data 50 to be stored in a memory 11.i (preferably RAM) forsubsequent encryption. The user may contact a server by entering the URLor Internet address of the server or by clicking or selecting a bookmarkor hyperlink directed to the server. Subsequently, the user may continueto enter private data 50 relating to the user, which may include anyprivate data as previously defined. As shown in FIG. 2 b, this ispreferably performed by a user filling out a form, via keyboard entry,displayed on a display device 70 via browser software. Referring againto FIG. 2 b, a form may contain a name field 71 and an email field 72for inputting of a name and an email address, respectively; and further,a form may contain a submit button 74 for submission of a completedform. Upon submission of the form, the data may be posted to a CGIProgram or script or similar program or script located on the server viatransmission over the Internet to the server.

It should be noted that the clicking history of a user, as that userperuses web pages, banners and/or links may also be considered privatedata. Thus, the submission of data may occur over one or moretransactions and need not be limited to submitted form data. Further, asexpressly defined above, private data may be a primary key; thus, thesending of private data by a user is not necessarily required.

The private data sent by the user, in whole or in part, represents astate between the user and the server and thereby dictates in whole orin part the private data to be stored in a cookie by the server. Forexample, a user may send his last name, which may be “Gossage”.Preferably, as shown in FIG. 2 a, the private data 50 may be transferredbetween the user's computer 30.j and server 10.i via a securedconnection 15, such as SSL.

It should be noted that some precoding and decoding may be required withthe particular encryption algorithm employed. For example, the privatedata may be concatenated in a particular order to form a string havingfixed or variable length fields. Another form of coding is binary/textconversion, and may arise, for example, where a particular encryptionalgorithm/technique requires input data in binary format and the inputdata is initially in text format; and may also be optionally employedafter output. Any binary/text conversion and/or coding may be optionallyemployed prior to input, as well as subsequent to output, as long asone-to-one correspondence between the precoded and decoded data ispreserved.

As shown in FIG. 3, encryption of private data 50 is effectuated byinputting the private data 50 and an encryption key 101.k (for k≧1) intoencryption function 100, which produces encrypted private data 110. Itshould be noted that the format of the particular key used will bedictated by the particular cryptography algorithm employed. For example,the PUKALL algorithm is designed to accept 16-character strings as keys.

According to a preferred embodiment, the PUKALL encryption algorithmaccepts a 16-character string as a 256-bit key, such as the 16-characterstring “Remsaalps!123456”. Encrypting the value “Gossage” with this keyvia the PUKALL algorithm may produce the value “¾M}7□c÷□”.

There are six parameters that may be assigned to a cookie: (1) the nameof the cookie, (2) the value of the cookie, (3) the expiration date ofthe cookie, (4) the path the cookie is valid for, (5) the domain thecookie is valid for, and (6) a flag representing the need for a secureconnection to exist to use the cookie.

According to the present invention, the first two parameters must beexplicitly assigned values: (1) the name of the cookie, and (2) thevalue of the cookie. The next four parameters may be optionallyexplicitly assigned values: (3) the expiration date of the cookie, (4)the path the cookie is valid for, (5) the domain the cookie is validfor, and (6) a flag representing the need for a secure connection toexist to use the cookie. These optional parameters may be explicitlyassigned values to improve security and/or functionality, and arediscussed in further detail herein.

Generally, creating a cookie involves replicating the HTTP cookie headerin some fashion so that browser software executing on a remote computerwill recognize and store the cookie.

According to the present invention, name data is assigned to the namefield of a cookie, such as the name “ywi”. Further, the encryptedprivate data with the embedded key is assigned to the value field of acookie.

The optional parameter (3), the expiration date of the cookie, may beassigned to the expires field of a cookie to direct browser softwareexecuting on a remote computer whether to store the cookie on a storagedevice, e.g., a hard drive. If not explicitly assigned a value, theexpires field defaults to end-of-session and the browser preserves thecookie only in memory (RAM) until the browser session is closed. Such avalue may be a past date, or a future date such as “Mon, 09-Dec-200213:46:00 GMT”, which if processed prior to expiration, may be stored ina storage device. A resulting HTTP header representing this cookie maybe as follows:

-   -   Content-type: text/html    -   Set-Cookie: ywi=“¾M}7□c÷□”; path=/;        -   expires=Mon, 09-Dec-2002 13:46:00 GMT

Upon receiving this header, browser software executing on a remotecomputer may store the cookie to a storage device.

The optional parameter (4), the path the cookie is valid for, may beexplicitly assigned a value, such as “/computerstore”. This causes to beset the URL path the cookie is valid within. Thus, pages outside thepath “/computerstore” cannot read or use the cookie having this value.Explicitly assigning a value to this parameter would be advantageouswhere multiple websites exist within a domain, such as www.thissite.comand www.thissite.com/otherparty, and sharing of cookies between theservers associated therewith is undesired. If not specified, the valuedefaults to the path of the document creating the cookie.

The optional parameter (5), the domain the cookie is valid for, may beexplicitly assigned a value, such as “.thissite.com”. Where a websiteuses multiple servers within a domain, it may be desirable to make thecookie accessible to pages on any of those servers. Thus, a cookie maybe assigned to an individual server or to an entire Internet domain.Here, all servers within the domain www.thissite.com may access thecookie so defined. The default value if not explicitly set is the fulldomain of the document creating the cookie.

The optional parameter (6), a flag representing the need for a secureconnection to exist to use the cookie, should only be used under asecure sever condition, such as SSL. Where secure transactions areimplemented, this parameter heightens security between a server and aremote computer. If not explicitly set to TRUE, this defaults to FALSE.

In sending the cookie to a remote computer, the server effectuates thecreation of an HTTP header which is sent along with a requested page.This causes the value of the cookie to be sent to a remote computer,received thereby, and in conjunction with browser software executingthereon, stored in memory or on a storage device, such as a hard drive.

As shown in FIG. 9, according to the present invention, a cookie 300 hasat a minimum a name field 301 with a value representing the name of thecookie, such as “ywi”. Further, the cookie 300 has a value field 302containing the encrypted private data 110, which may be “¾M}7□c÷□”.

It is important to note that cookies, as they are implemented today, aretransferred between a server and a browser as an HTTP header and thespecifications for this header are explicitly set forth in RFC 2109,which has been readily and freely available over the Internet. Further,the setting and reading of cookies can be effectuated with a pluralityof languages and/or scripts, and the particular choice of languageand/or script is not important to the present invention insofar as itdoes not deviate from the teachings of the invention. Examples oflanguages and scripts are as follows: JavaScript, PERL, LiveWire, ASP,Virtual Basic (“VB”) and VBScript. Further, custom software may be used,via C, C++, etc., to the extent that a compatible HTTP header iscreated.

As shown in FIGS. 10 a and 10 b, a cookie 300 is sent over the Internet20 to a user's remote computer 30.j, which stores the cookie 300 in aread-write device, which may be the remote computer's RAM 31.j orstorage device, such as a hard drive 32.j.

When a user subsequently requests a page from the server or a relatedserver, i.e., a request from the browser to a server, the cookie headeris modified slightly from that which created the cookie. For example,the header may be as follows:

-   -   Content-type: text/html    -   Set-Cookie: ywi=“¾M}7□c÷□”

Here, a server is made aware of the cookie named “ywi” having the valueof the encrypted private data with embedded key. Generally, retrieving acookie from a header does not require actual reading of the HTTP Cookie:header, since most languages automatically read this header for theprogrammer and make it accessible through a programming variable orobject. As with creating a cookie, accessing a cookie may be effectuatedwith a plurality of languages and/or scripts, and the particular choiceof language and/or script is not important to the present inventioninsofar as it does not deviate from the teachings of the presentinvention. Examples of languages and scripts are discussed above.

As shown in FIG. 11 a, a user's remote computer 30.j may send a cookie300 back to server 10.i that originally sent the cookie 30.j to theuser's computer 30.j for storage of the cookie 30.j in server memory11.i for subsequent processing.

As shown in FIG. 11 b, a user's remote computer 30.j may send a cookie300 to a server 10.2, which is not the server that originally sent thecookie 300 to the user's computer 30.j. As also shown FIG. 6 b, server10.2 stores cookie 30.j in server memory 11.2 for subsequent processing.

Once the value of the cookie is accessed by a server, the encryptedprivate data may be extracted from the data field of the cookie.

As shown in FIG. 2 c, a user may again be presented with a form having auser key data field 73 for inputting and submission to a server of theuser's associated user key, which is required for recreation of theuser's associated encryption key.

As shown in FIG. 12, upon submission of the correct user key, a servermay then recreate the encryption key 101.k used to encrypt the privatedata according to the same creation process used to create theencryption key initially. Referring again to FIG. 12, a server may thendecrypt encrypted private data 110 by inputting encrypted private data110 and the recreated encryption key 101.k into decryption software 106,which results in decrypted private data 210.

With this decrypted private data, a state may be created between theserver and the remote computer of a user. For example, the decrypteddata may be the user's last name, such as “Gossage” wherein the servermay now know the identity of the user; thus creating a state between theserver and the user.

As can be seen, the present invention efficiently protects the privacyof Internet users by protecting private user data available forestablishing Internet user states.

In the foregoing specification, the invention has been described withreference to specific exemplary embodiments thereof. It will, however,be evident that various modifications and/or changes may be made theretowithout departing from the broader spirit and scope of the invention.For example, where the size of a user key, as submitted by a user, isequal to the size required of an encryption key, the user key may beused directly as an encryption key. Accordingly, the specification anddrawings are to be regarded in an illustrative and enabling rather thana restrictive sense.

1. In a system comprising a server and a computer communicativelyconnected together via an HTTP-based network, a method of establishingby the server a secure state between the server and a user operating thecomputer, said method comprising: receiving, from the computer, a userkey comprising U bits, where U>0; creating, from said user key, acryptographic key; encrypting, using said cryptographic key, user data;storing the encrypted user data in a cookie; naming the cookie byassigning name data to the cookie; sending the cookie to the computerfor storage thereby; receiving the cookie from the computer; receivingsaid user key from the computer; recreating, from said user key, saidcryptographic key; extracting the encrypted user data from the cookie;decrypting, using said cryptographic key, the encrypted user data; andestablishing the secure state between the server and the user based onthe decrypted user data.
 2. The method of claim 1, further comprisingbefore said encrypting, receiving user information from the computer;wherein the user data is based on the user information.
 3. The method ofclaim 1, wherein creating said cryptographic key comprises inserting atleast one bit at a position K of said user key, where 1≦K≦U+1, andrecreating said cryptographic key comprises inserting the at least onebit at the position K of said user key.
 4. The method of claim 1,wherein creating said cryptographic key comprises deleting I bits fromsaid user key from a position K of said user key, where 1≦I<U and1≦K≦(U−I+1), and recreating said cryptographic key comprises deletingthe I bits from said user key from the position K of said user key. 5.The method of claim 1, further comprising: before encrypting, seedingthe user data according to a format; wherein the secure state isestablished if the decrypted user data is seeded according to theformat.
 6. The method of claim 5, further comprising: sending, to thecomputer, an error message if the decrypted user data is not seededaccording to the format.
 7. In a system comprising a server and acomputer communicatively connected together via an HTTP-based network, amethod of establishing by the server a secure state between the serverand a user operating the computer, said method comprising: receiving,from the computer, a cookie comprising encrypted user data that may beseeded according to a format; receiving a user key from the computer;creating, from said user key, a cryptographic key; extracting theencrypted user data from said cookie; decrypting, using saidcryptographic key, the encrypted user data; and establishing the securestate between the server and the user based on the decrypted user data.8. The method of claim 7, wherein creating said cryptographic keycomprises inserting at least one bit at a position K of said user key,where 1≦K≦U+1.
 9. The method of claim 7, wherein creating saidcryptographic key comprises deleting I bits from said user key from aposition K of said user key, where 1≦I<U and 1≦K≦(U−I+1).
 10. The methodof claim 7, wherein the secure state is established if the decrypteduser data is seeded according to the format.
 11. The method of claim 10,further comprising: sending, to the computer, an error message if thedecrypted user data is not seeded according to the format.
 12. For useby a server communicatively connected to a computer via an HTTP-basednetwork, a computer readable medium comprising instructions forestablishing a secure state between the server and a user operating thecomputer, by causing the server to perform actions, comprising:receiving, from the computer, a user key comprising U bits, where U>0;creating, from said user key, a cryptographic key; encrypting, usingsaid cryptographic key, user data; storing the encrypted user data in acookie; naming the cookie by assigning name data to the cookie; sendingthe cookie to the computer for storage thereby; receiving the cookiefrom the computer; receiving said user key from the computer;recreating, from said user key, said cryptographic key; extracting theencrypted user data from the cookie; decrypting, using saidcryptographic key, the encrypted user data; and establishing the securestate between the server and the user based on the decrypted user data.13. The computer readable medium of claim 12, wherein the actionsfurther comprise: before said encrypting, receiving user informationfrom the computer; wherein at least a portion of the user data is basedon the user information.
 14. The computer readable medium of claim 12,wherein creating said cryptographic key comprises inserting at least onebit at a position K of said user key, where 1≦K≦U+1, and recreating saidcryptographic key comprises inserting the at least one bit at theposition K of said user key.
 15. The computer readable medium of claim12, wherein creating said cryptographic key comprises deleting I bitsfrom said user key from a position K of said user key, where 1≦I<U and1≦K≦(U−I+1), and recreating said cryptographic key comprises deletingthe I bits from said user key from the position K of said user key. 16.The computer readable medium of claim 12, wherein the actions furthercomprise: before encrypting, seeding the user data according to aformat; wherein the secure state is established if the decrypted userdata is seeded according to the format.
 17. The computer readable mediumof claim 16, wherein the actions further comprise: sending, to thecomputer, an error message if the decrypted user data is not seededaccording to the format.
 18. For use by a server communicativelyconnected to a computer via an HTTP-based network, a computer readablemedium comprising instructions for establishing a secure state betweenthe server and a user operating the computer, by causing the server toperform actions, comprising: receiving, from the computer, a cookiecomprising encrypted user data that may be seeded according to a format;receiving a user key from the computer; creating, from said user key, acryptographic key; extracting the encrypted user data from said cookie;decrypting, using said cryptographic key, the encrypted user data; andestablishing the secure state between the server and the user based onthe decrypted user data.
 19. The computer readable medium of claim 18,wherein creating said cryptographic key comprises inserting at least onebit at a position K of said user key, where 1≦K≦U+1.
 20. The computerreadable medium of claim 18, wherein creating said cryptographic keycomprises deleting I bits from said user key from a position K of saiduser key, where 1≦I<U and 1≦K≦(U−I+1).
 21. The computer readable mediumof claim 18, wherein the secure state is established if the decrypteduser data is seeded according to the format.
 22. The computer readablemedium of claim 21, wherein the actions further comprise: sending, tothe computer, an error message if the decrypted user data is not seededaccording to the format.